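AAA Authentication
A type of security policy. It can be used for user login authentication, for authorization, or where traffic passing through a firewall requires authentication.
Two protocols: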
| TACACS+ | RADIUS |
| --- | --- |
| Cisco | Client/server model, shared secret |
| TCP | UDP |
| encrypts entire body | encrypts only the password |
| separates AAA | access-accept packets sent by RADIUS server to client contain authorization info |
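The "encrypts entire body" versus "encrypts only the password" row, worked through as an added example that is not part of the original notes. It follows the MD5-based schemes in RFC 2865 section 5.2 (RADIUS User-Password) and RFC 8907 section 4.5 (TACACS+ body); the function names, the sample secret, user and password are constructed, and the TACACS+ body here is just user plus password rather than a full packet layout.

```python
import hashlib
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # zip stops at the shorter input

def radius_hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: hide the User-Password value (and nothing else)."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128-byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        # Each 16-byte block is XORed with MD5(secret + previous ciphertext block).
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def radius_unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def radius_attributes(user: bytes, hidden_password: bytes) -> bytes:
    """Type-length-value encoding: User-Name is type 1, User-Password is type 2."""
    tlv = lambda t, v: bytes([t, len(v) + 2]) + v
    return tlv(1, user) + tlv(2, hidden_password)

def tacacs_obfuscate(body: bytes, key: bytes, session_id: int, version: int, seq_no: int) -> bytes:
    """RFC 8907 section 4.5: XOR the whole body with an MD5 pad; calling again reverses it."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, last = b"", b""
    while len(pad) < len(body):
        last = hashlib.md5(seed + last).digest()  # MD5_n chains in MD5_(n-1)
        pad += last
    return _xor(body, pad)

# Constructed sample values, not taken from any real device.
SECRET, AUTH = b"constructed-secret", bytes(range(16))
USER, PASSWORD = b"alice", b"correct horse battery"

if __name__ == "__main__":
    attrs = radius_attributes(USER, radius_hide_password(PASSWORD, SECRET, AUTH))
    print("RADIUS: user visible:", USER in attrs, "| password visible:", PASSWORD in attrs)
    body = tacacs_obfuscate(USER + PASSWORD, SECRET, 0x1234ABCD, 0xC0, 1)
    print("TACACS+: user visible:", USER in body, "| password visible:", PASSWORD in body)
```

In the RADIUS attributes the user name stays readable on the wire while only the password value is hidden; in the TACACS+ case both fields sit inside the protected body.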
TACACS+ traffic:
RADIUS traffic:
Configuring TACACS+ on Juniper:
tacplus-server server-address {          # server address
    port port-number;                    # server port number
    routing-instance routing-instance;   # management-instance??
    secret password;                     # secret shared with the server
    single-connection;                   # use only one TCP session with the server
    timeout seconds;                     # 1-90 s, time to wait for the server to respond
}